rigortype 0.1.13 → 0.1.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f7d66cf2c7a6c883fbbab59a805b1d1bca62867022e42d9b68d0b788525e831
-  data.tar.gz: c327399cf8c239da46f383de404cd15843d8ce220b5538f1905d72f4e082a59f
+  metadata.gz: b1dbcd9b168a06cc8d5f26e0a096f19496c3cebdc8864fb56d966741b8a42577
+  data.tar.gz: 39e428c763e8d8cac6d9743d40d5d654bfaec56362d41e338a6dac974dff27cf
 SHA512:
-  metadata.gz: a69935a6c878eba22f3050041d044855b9f98eefa8dc3ab55bd33ca2ecce12efc5abffb2dd0fbc57edfd7736fe5ee4eb985694e4fbcddbc63f2e231bf48483a4
-  data.tar.gz: 58839858c8a5adcf8db74ef9d8c5ed2999c4459854a85c330b107ce3a933d08cb024cacc6c1303c638ab12ae1f5bc6559c14922ac13d17f41a5609631220fc28
+  metadata.gz: 6cd6a4d0b52fcd2e1e2bacddd6120154ccbe075ef86615c38d7e6d1d942ea158f55abaeb03f01c0a23315a187076912315af98ce74faa4c174c4f6c5c98eac74
+  data.tar.gz: 1d7b600e3dd97a38bf1ac08231a7aa07635210723adf349c014d9100ccc2b0a868deb8a6479d99207e1c0b5e4cf07c158f0f0cb3bda325ec5c7d143e4f5ae90b

data/README.md

@@ -49,8 +49,18 @@ Rigor is a tool, not a library — install it independently, **not** in
 your project's `Gemfile`. It runs on Ruby 4.0, regardless of which Ruby
 version your project targets.
 
-The recommended setup uses [`mise`](https://mise.jdx.dev/), which
-provisions both Ruby 4.0 and Rigor pinned per project:
+**Using an AI coding agent?** Hand it this prompt and it will detect
+your environment, install Rigor, and kick off the project-init Skill
+automatically:
+
+```
+Install Rigor in this project by following the instructions at
+https://raw.githubusercontent.com/rigortype/rigor/refs/heads/master/docs/install.md
+```
+
+**Manual install** — the recommended path uses
+[`mise`](https://mise.jdx.dev/), which provisions both Ruby 4.0 and
+Rigor pinned per project:
 
 ```sh
 mise use ruby@4.0

data/lib/rigor/environment/rbs_collection_discovery.rb

@@ -34,6 +34,20 @@ module Rigor
       # `sig/`), and `local` (a user-managed RBS dir) — all
       # produce a directory under the collection root and are
       # admitted.
+      #
+      # The `source.type` filter alone is NOT sufficient: gems
+      # that were extracted from Ruby's stdlib into standalone
+      # default gems (e.g. `cgi`, `logger`, `base64`, `csv`,
+      # `bigdecimal`) are published in `ruby/gem_rbs_collection`
+      # under a `git` source type, yet rigor ALSO loads them
+      # from its bundled stdlib via `DEFAULT_LIBRARIES`. Loading
+      # both copies triggers the very
+      # `RBS::DuplicatedDeclarationError` this module exists to
+      # avoid (observed on a Rails 8 app: `.gem_rbs_collection/
+      # cgi/0.5/` vs the bundled `stdlib/cgi`). The
+      # `skip_gem_names:` parameter lets the caller pass the set
+      # of library names rigor already loads so those gems are
+      # dropped regardless of `source.type`.
       SKIPPED_SOURCE_TYPES = Set["stdlib"].freeze
 
       DEFAULT_COLLECTION_PATH = ".gem_rbs_collection"
@@ -47,14 +61,21 @@ module Rigor
       # @param auto_detect [Boolean] when true and
       #   `lockfile_path:` is nil, look for
       #   `<project_root>/rbs_collection.lock.yaml`.
+      # @param skip_gem_names [Array<String>, Set<String>] gem
+      #   names rigor already loads from its bundled stdlib (the
+      #   merged `DEFAULT_LIBRARIES + libraries:` set). Entries
+      #   whose `name` is in this set are dropped regardless of
+      #   `source.type` to avoid `RBS::DuplicatedDeclarationError`
+      #   on stdlib-extracted default gems. Defaults to empty.
       # @return [Array<Pathname>] every
       #   `<collection_path>/<gem-name>/<gem-version>/`
       #   directory listed in the lockfile whose entry has a
-      #   non-skipped source type and whose directory exists on
-      #   disk. Returns `[]` when no lockfile is resolvable,
-      #   when the YAML is unreadable, or when the collection
-      #   path doesn't exist.
-      def self.discover(lockfile_path:, project_root: Dir.pwd, auto_detect: true)
+      #   non-skipped source type, whose `name` is not in
+      #   `skip_gem_names:`, and whose directory exists on disk.
+      #   Returns `[]` when no lockfile is resolvable, when the
+      #   YAML is unreadable, or when the collection path
+      #   doesn't exist.
+      def self.discover(lockfile_path:, project_root: Dir.pwd, auto_detect: true, skip_gem_names: [])
         resolved = resolve_lockfile_path(
           lockfile_path: lockfile_path,
           project_root: project_root,
@@ -68,7 +89,7 @@ module Rigor
         collection_root = resolve_collection_root(resolved, data)
         return [] unless collection_root.directory?
 
-        gem_paths_from(collection_root, data)
+        gem_paths_from(collection_root, data, skip_gem_names.to_set)
       end
 
       # Returns the resolved lockfile path (`Pathname`) or `nil`
@@ -105,7 +126,7 @@ module Rigor
       end
       private_class_method :resolve_collection_root
 
-      def self.gem_paths_from(collection_root, data)
+      def self.gem_paths_from(collection_root, data, skip_gem_names)
         Array(data["gems"]).filter_map do |entry|
           next unless entry.is_a?(Hash)
 
@@ -115,6 +136,7 @@ module Rigor
           name = entry["name"]
           version = entry["version"]
           next if name.nil? || version.nil?
+          next if skip_gem_names.include?(name.to_s)
 
           gem_root = collection_root + name.to_s + version.to_s
           gem_root if gem_root.directory?

data/lib/rigor/environment/rbs_loader.rb

@@ -122,6 +122,23 @@ module Rigor
             Pathname(File.join(VENDORED_GEM_SIGS_ROOT, gem_dir))
           end
         end
+
+        # Gem names whose RBS ships under
+        # `data/vendored_gem_sigs/<gem>/`. The directory walk is
+        # the source of truth (the `README.md` sibling is not a
+        # gem and is excluded). Callers building the RBS env use
+        # this set to drop the matching `rbs collection install`
+        # directory before it double-declares against the
+        # vendored copy — the same hazard `DEFAULT_LIBRARIES`
+        # creates for stdlib-extracted gems. See
+        # `RbsCollectionDiscovery`'s `skip_gem_names:`.
+        def vendored_gem_names
+          return [] unless File.directory?(VENDORED_GEM_SIGS_ROOT)
+
+          Dir.children(VENDORED_GEM_SIGS_ROOT).reject do |child|
+            File.file?(File.join(VENDORED_GEM_SIGS_ROOT, child))
+          end
+        end
       end
 
       attr_reader :libraries, :signature_paths, :cache_store, :virtual_rbs

data/lib/rigor/environment.rb

@@ -263,11 +263,22 @@ module Rigor
         # resulting `rbs_collection.lock.yaml` and feed each
         # gem's `<collection_path>/<name>/<version>/` directory
         # into `signature_paths:`. Stdlib-typed entries are
-        # skipped (already covered by `DEFAULT_LIBRARIES`).
+        # skipped (already covered by `DEFAULT_LIBRARIES`), as
+        # are gems whose RBS rigor already loads from another
+        # source — stdlib-extracted default gems (`cgi`,
+        # `logger`, …, shipped by the collection under a `git`
+        # source) and the `data/vendored_gem_sigs/` bundle
+        # (`redis`, `nokogiri`, `pg`, …). `skip_gem_names:`
+        # passes both sets so the collection copy doesn't
+        # double-declare against rigor's bundled RBS (the
+        # `RBS::DuplicatedDeclarationError` hazard).
+        merged_libraries = (DEFAULT_LIBRARIES + libraries.map(&:to_s)).uniq
+        skip_gem_names = merged_libraries + RbsLoader.vendored_gem_names
         collection_paths = RbsCollectionDiscovery.discover(
           lockfile_path: rbs_collection_lockfile,
           project_root: root,
-          auto_detect: rbs_collection_auto_detect
+          auto_detect: rbs_collection_auto_detect,
+          skip_gem_names: skip_gem_names
         ).map(&:to_s)
         # ADR-25 — RBS signature directories contributed by loaded
         # plugins via their manifest `signature_paths:`. Resolved
@@ -278,7 +289,6 @@ module Rigor
         # degrades through the same O7 failure-memo path.
         plugin_sig_paths = plugin_registry ? plugin_registry.signature_paths.map(&:to_s) : []
         loader_signature_paths = resolved_paths + plugin_sig_paths + gem_sig_paths + collection_paths
-        merged_libraries = (DEFAULT_LIBRARIES + libraries.map(&:to_s)).uniq
         # ADR-32 WD4 + WD5 — invoke each loaded plugin's
         # `source_rbs_synthesizer` once per project source file
         # and collect non-nil `[filename, rbs_source]` pairs.

data/lib/rigor/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rigor
-  VERSION = "0.1.13"
+  VERSION = "0.1.14"
 end

data/sig/rigor/environment.rbs

@@ -51,6 +51,7 @@ module Rigor
       def self.reset_default!: () -> void
       def self.build_env_for: (libraries: Array[String], signature_paths: Array[String | _ToPath]) -> untyped
       def self.vendored_gem_sig_paths: () -> Array[Pathname]
+      def self.vendored_gem_names: () -> Array[String]
 
       def initialize: (?libraries: Array[String], ?signature_paths: Array[String | _ToPath], ?cache_store: untyped?) -> void
       def class_known?: (String | Symbol name) -> bool

data/skills/rigor-project-init/references/01-detect.md

@@ -35,13 +35,51 @@ Also note per-gem markers that have their own plugin: `devise`,
     `rbs_collection.auto_detect: true` (the default).
   - **Lockfile present, `.gem_rbs_collection/` absent** → the lockfile
     was generated but the gems were never downloaded. Rigor loads the
-    lockfile but finds no RBS files. Note this for Phase 6: if triage
-    reports `gem-without-rbs` hints for gems that appear in
-    `rbs_collection.yaml`, run `rbs collection install` first and
-    re-run triage.
+    lockfile but finds no RBS files. **Act now — see below.**
   - **Both absent** → note it; Phase 6's triage may recommend
     `rbs collection install` if `gem-without-rbs` hints appear.
 
+### RBS collection — install if absent
+
+When `rbs_collection.lock.yaml` is present **and** `.gem_rbs_collection/`
+is absent, the collection was configured (e.g. by Steep or `rbs_rails`)
+but never installed. Installing it now — before writing the config or
+running triage — gives Rigor community RBS for dozens of gems and avoids
+a triage → config-fix → re-triage cycle.
+
+Offer to run:
+
+```sh
+bundle exec rbs collection install
+```
+
+Use `bundle exec` when `rbs` appears in `Gemfile` or `Gemfile.lock`
+(the common case — Steep / rbs_rails workflows put it there). If `rbs`
+is not in the Gemfile, use the bare `rbs collection install` instead.
+
+Ask the user for permission before running, since this installs files
+into `.gem_rbs_collection/` (a generated directory that belongs in
+`.gitignore`). Only proceed with their confirmation.
+
+After installation, verify with:
+
+```sh
+ls .gem_rbs_collection/
+```
+
+The directory should contain RBS gem subdirectories. Continue to
+Phase 2 — the collection will be auto-detected by Rigor at analysis
+time.
+
+**Note: RBS collision after install.** Some gems (e.g. `cgi`, `logger`,
+`base64`) were extracted from Ruby's stdlib into standalone gems from
+Ruby 3.3 onwards. When these appear in both `.gem_rbs_collection/` and
+Rigor's bundled stdlib, `rigor triage` may print a
+`RBS::DuplicatedDeclarationError`. If this happens, note the error and
+continue — plugin-based diagnostics are unaffected. File a Rigor issue
+at <https://github.com/rigortype/rigor/issues> so the engine can
+deduplicate stdlib gems from the collection automatically.
+
 ### Path scope
 
 Note the conventional source roots so Phase 4 can set `paths:`:

data/skills/rigor-project-init/references/02-configure.md

@@ -18,6 +18,23 @@ config as `.rigor.dist.yml` lets a contributor opt out locally (for
 example, run without the baseline) without touching the committed
 file.
 
+## Selecting `target_ruby`
+
+Read the project's declared Ruby version from `.ruby-version`, the
+`Gemfile` `ruby "…"` line, or `.tool-versions`. Use the **minimum**
+version of the declared range (e.g. `>= 3.2.0, < 3.5.0` → `3.2`).
+
+Then apply this decision table — **do not ask the user**; act
+automatically and emit the message described:
+
+| Declared minimum | `target_ruby` to write | Action |
+| --- | --- | --- |
+| 4.x | `"4.0"` (or exact patch) | Write as-is. |
+| 3.3 – 3.x | `"3.3"` (or exact minor) | Write as-is. |
+| 3.0 – 3.2 | `"3.3"` | Write `"3.3"` automatically. Emit: *"Project targets Ruby X.Y, but Prism (the parser bundled with rigortype) supports Ruby 3.3 as its minimum. Setting `target_ruby: \"3.3\"` — syntax parsing is compatible across 3.0–3.3, but RBS type definitions in `.gem_rbs_collection/` or community libraries may be authored for 3.3+ and could produce type-level false positives on APIs that changed between 3.0 and 3.3."* |
+| 2.x | — | **Stop.** Emit: *"Project targets Ruby 2.x. Rigor's bundled Prism parser does not support Ruby 2.x syntax (removed keyword argument syntax, pattern matching differences). Rigor cannot reliably analyse this project. Consider upgrading the project to Ruby 3.3+ before onboarding Rigor."* Do not write a config; do not continue the skill. |
+| Unknown / not declared | `"4.0"` (Rigor's default) | Write as-is; note that the default was used. |
+
 ## Severity profile — follows the mode
 
 The `severity_profile:` key re-stamps every rule's severity. Set it

data/skills/rigor-project-init/references/03-baseline-and-bugs.md

@@ -49,7 +49,7 @@ Use the three sections like this:
 | Hint `id` | Cause | Where this skill handles it |
 | --- | --- | --- |
 | `activesupport-core-ext` | ActiveSupport core-class monkey-patches not loaded. | Go back to Phase 3/4: add `rigor-activesupport-core-ext` to `plugins:` (it is an RBS-bundle plugin), re-run triage. This is a config gap, not a bug. |
-| `gem-without-rbs` | A dependency ships no RBS. | Phase 7 escalation — `rbs collection install`, or `dependencies.source_inference:`, or open a Rigor issue. |
+| `gem-without-rbs` | A dependency ships no RBS. | If `rbs_collection.lock.yaml` was present and Phase 1 installed the collection, re-run `rigor triage` — the hint may shrink or disappear. Otherwise: Phase 8 escalation — `bundle exec rbs collection install`, or `dependencies.source_inference:`, or open a Rigor issue. |
 | `project-monkey-patch` | An in-project monkey-patch / refinement Rigor did not see. | Phase 7 escalation — register the defining file via `pre_eval:`, or (if it is a DSL) write a project plugin. |
 | `activerecord-relation-misinference` | An ActiveRecord relation inferred as `Array`. | Ensure `rigor-activerecord` is enabled (Phase 3). If it persists, it is an engine gap — open a Rigor issue. |
 | `systemic-file-cluster` | One file × one rule, large count. | Acknowledge mode: a clean baseline bucket. Strict mode: a single fix may clear many — review that file first. |
@@ -142,8 +142,9 @@ cheapest first:
 If triage reports `gem-without-rbs`, a dependency ships no type
 information and Rigor has no built-in coverage. In order:
 
-1. `rbs collection install` — pulls community RBS for the gem if it
-   exists. Re-run triage afterwards.
+1. `bundle exec rbs collection install` (bare `rbs collection install`
+   if `rbs` is not in the project's Gemfile) — pulls community RBS for
+   the gem if it exists. Re-run triage afterwards.
 2. `dependencies.source_inference:` in `.rigor.dist.yml` — opt the
    gem into Rigor inferring `Dynamic`-typed returns from its source.
 3. If the gem is widely used and genuinely warrants first-class

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rigortype
 version: !ruby/object:Gem::Version
-  version: 0.1.13
+  version: 0.1.14
 platform: ruby
 authors:
 - Rigor contributors